Posted
by
timothy
on Friday October 16, 2015 @06:32PM
from the do-what-they-say dept.

itwbennett writes: Even though, as reported today on Slashdot, 'experts from government, industry, and academia say they have no confidence they'll develop a secure system that can protect users from tracking and privacy breaches,' a subcommittee of the U.S. House of Representatives have 'proposed that the National Highway Traffic Safety Administration set up an Automotive Cybersecurity Advisory Council to develop cybersecurity best-practice.' The draft proposal would require vehicle manufacturers to 'develop and implement' a privacy policy outlining their information-gathering practices, and would make vehicle data hacking illegal and subject to a $100,000 penalty for each violation.

... liable for the security of their products. A weasel-worded "policy" will suffice. Caveat emptor - you were told! Steep penalties in computer hacking related cases has worked so well, with no chilling effects whatsoever!

A PCI-like standard developed by an independent body setting basic standards for encryption, segregation and/or clean, well checked APIs between control and entertainment systems will do nicely. Mandating standards has worked well for safety systems.

I am not sure that I agree. I'll give it more thought but your post don't give much logic behind it - not really. It just seems to make a bunch of assumptions based on your opinion.

In short, and I could do the long version, I'm not sure that the solution to bad governance is to increase the amount of governance. The assumption that this will improve things actually seems counterintuitive. The only thing that I can think of that it might improve is the speed that things get through - it may slow it down a li

Any vehicle "data hacking"? Or a vehicle in motion? Otherwise, accessing data of a car's computer while the car is stationary would be a crime. So this would have made the VW investigators criminals. It would also make anyone creating a 3rd device reading on-board computer data illegal without a license from the manufacturer. If you can't introspect a car without putting in jeopardy anyone's safety, then this is just another DMCA.

If you can't introspect a car without putting in jeopardy anyone's safety, then this is just another DMCA.

I imagine this is just another wolf in sheep's clothing.

Define any access to vehicle systems that doesn't take place in a dealership as criminal hacking. This kills several birds with one stone -- the pedantic security researchers, the third part parts and maintenance people, the automotive performance guys -- all are now locked out.

And that privacy policy will be just another 10 page list of legalistic gibberish that amounts to "We will fuck you in the ass, but only after telling you we will fuck you in t

"We will fuck you in the ass, but only after telling you we will fuck you in the ass. And when we say fuck you in the ass, this is not limited to putting our dick in your ass. We may put it in your ass and then in your mouth or we may ram a dildo in your ass as well. And when we say we, we might mean us, or any of our friends, or really anyone who will give us anything of value. And if we should ejaculate during this process, we will expect you to swallow and tell us how much you liked it."

The draft of this bill states, "PROHIBITION.—It shall be unlawful for any person to access, without authorization, an electronic control unit or critical system of a motor vehicle, or other system containing driving data for such motor vehicle, either wirelessly or through a wired connection."

What if the manufacturer deems vehicle electronics to be its trade secret and explicitly prohibits anyone from disassembling it without prior written authorization? It doesn't say whose authorization. The provision should only cover vehicles in motion or in operation. Or manufacturers' lawyers will find the language to lock everyone but the licensed parties out of the process. Congress has the power to establish IP regimes. It's not limited to trade marks, patents and copyrights. The mode of the regim

Any vehicle "data hacking"? Or a vehicle in motion? Otherwise, accessing data of a car's computer while the car is stationary would be a crime. So this would have made the VW investigators criminals. It would also make anyone creating a 3rd device reading on-board computer data illegal without a license from the manufacturer. If you can't introspect a car without putting in jeopardy anyone's safety, then this is just another DMCA.

It's already a *felony* to "hack" a vehicle. Hacking in the vernacular implies access not authorized by the owner. This law is about Congress cowtowing to industry to assist them in creating a structural monopoly. Note how the thing Congress can use to argue that they're not doing that is creating a *best practices* standard to *create a privacy policy*. Yeah, It's this great compromise that asks companies to say they're good companies!

Ill haul out the soapbox for a bit of offtopic...but how many people are sick of these cars with the all-you-can-eat infotainment systems in them? Im not talking about parents with kids that need raffi or barney on loop in the 3rd row of their urban assault vehicle. im talking about anything more than a convenient display and a USB audio jack. handsfree? never needed it. ill call back when and if im available. I dont need lane change assist, i dont need auto parking, i dont need some computer to stop m

I'd also like to add to this that I can do without the USB audio jack. A single analog stereo 1/8" input jack is perfectly sufficient. The less unnecessary vulnerabilities the better. I know cars aren't likely to ever be the most secure thing in the world, but I'd at least like mine to be more secure than unencrypted 802.11b.

Cute, but wrong. Rubber tires are significantly higher durability than wooden chariot wheels, as well as more modular. I challenge you to make it 60,000 miles on a chariot with wooden wheels without having to replace both of them entirely.

Like most of us here, I work in Technology, but am becoming increasingly disillusioned with this industry. Technology for technology's sake is my pet peeve.
Yes I like electric windows, but no I can't stand the auto wiper thing that gets it wrong most of the time. I like ABS, but hate auto lane assist. Who is that retarded that they need this?
Where are the people drawing a line in the sand to say, not all technology is good for us. Sure pick the good bits, but don't simply include everything just because i

I own an absurd number of automobiles that kind of span the ages. It's not really all that expensive to take an older car and get it professionally restored to factory condition. If you're starting with a fairly decent specimen then it's not even that expensive to ship it back to the factory for a complete restoration. My collection is picky - certain models of cars in certain years and only cars that I've either already owned or wanted to own but couldn't at the time. It's expensive when you're talking abo

These politicians want to fool the public into thinking they care about privacy, when all they really care about is spying on you. You want to give us privacy? Fine, then disconnect/eliminate all tech in the car that talks to the internet. Bet that won't happen.

They are making it a $100,000 fine to even access your own vehicle computer. Per vehicle per offense. Yet in the same document it's a 5,000 dollar per day 1m maximum fine for any non-compliance by the manufacturer. Fcuk this nonsense. This is what happens when you let lobbying get out of control.

Protected from who? The Gov' are not going to abide by any laws and will find easier and faster ways to hack/track or spy on cars with or without this kind of law.
There is a huge car modding scene in the US and this will massivly impact many car fans but also a whole sub industry that has been built on modifying cars.
Does this now mean that soon it won't be possible to drive down the road with a laptop plugged into the car to fine tune the fueling map? I do this all the time in my crappy little car. Tuni

...Because your computer told my computer to.
Any data logged and stored can be used against you in a court of law. You have no grounds to dispute it or testify against it for your defense.
By the time they're done, the computer in the car will have more privacy and rights than the driver.

Does anyone see that there is something fundamentally wrong with legislating about every highly specific scenario?

We are a species with a technological civilization complete with nuclear bombs, and we can't even figure out how to define right and wrong as it pertains to the human condition in general terms. There's something really fucked up about us. There should really only be about 2 pages of laws for people, 5-10 for small businesses, and maybe up to about a hundred for corps., not including standard

So the manufacturers will required to make up what they think is "fair" for handling your data. They could make up anything and as long as they had a "policy," you're ok! How is that even "regulation?"